A serious bug has been discovered in FaceTime, Apple’s video and chat app for iPhones. The vulnerability can allow a user to listen in on another iPhone user’s conversation before they pickup and without the recipient’s knowledge.
Since the bug went viral on Monday, Apple since disabled Group FaceTime completely, until a permanent fix is available.
The FaceTime bug was first reported by 9to5Mac and replicated to show how the exploit works.
The steps to recreate the bug are listed below:
- Start a FaceTime Video call with one of your iPhone contacts.
- While the call is dialing, swipe up from the bottom of the screen and tap Add Person.
- Add your own phone number in the Add Person screen.
- You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.
Another report from BuzzFeed describes how the iPhone’s front-facing video can also be accessed and abused to eavesdrop on video feed.
Apple’s System Status page showed the Group FaceTime service is still unavailable as of Tuesday morning.